Clean Version Of The Pending Claims Under 37 C.F.R. §1.121(c)(3):

In accordance with 37 C.F.R. §1.121(c)(3), claims 3-4, 6-12, and 15-22 are submitted below as a clean version of the entire set of pending claims in this single amendment paper. In addition, a marked up version of amended claims 3-4, 6-9, and 15-17, showing all the changes relative to the previous version of these claims, is submitted on one or more pages separate from this amendment in accordance with 37 C.F.R. §1.121(c)(3).

1. (Canceled)

2. (Canceled)

3. (Amended) A computerized method for key-based secure storage
comprising:

downloading information and an access predicate that specifies
requirements for an application to access the information;
generating a seed value;
producing a hash seed value based on the seed value using a one-way hash
function;
generating an application storage key from the hash seed value;
encrypting the information using the application storage key; and
associating the access predicate with the encrypted information.

(Amended) A computerized method for key-based secure storage
comprising:

downloading information and an access predicate that specifies
requirements for an application to access the information;
generating a seed value;

producing a first hash seed value based on the seed value using a one-way
hash function;

producing a second hash seed value based on the seed value and a user
identifier using a keyed hash function;

generating a user storage key from the second hash seed value;
encrypting the information using the user storage key; and
associating the access predicate with the encrypted information.



(Canceled)



6. (Amended) A computerized method for key-based secure storage
comprising:

downloading information and an access predicate that specifies
requirements for an application to access the information;
obtaining a storage key;

encrypting the information using the storage key;
associating the access predicate with the encrypted information;
obtaining an operating system storage key;
encrypting the access predicate with the operating system storage key; and
encrypting a plurality of other storage keys using the operating system
storage key, wherein the other storage keys are selected from the group consisting
of application storage keys and user storage keys.

7. (Amended) A computerized method for key-based secure storage
comprising:

downloading information and an access predicate that specifies
requirements for an application to access the information;

obtaining a storage key;

encrypting the information using the storage key;

associating the access predicate with the encrypted information;

generating a seed value;

generating an operating system storage key based on the seed value; and
encrypting the access predicate with the operating system storage key.



storage comprising:

downloading information and an access predicate that specifies
requirements for an application to access the information;

generating a seed value for the application;

producing an application hash seed value based on the seed value for the
application using an application-specific one-way hash function;

generating an application storage key from the application hash seed value;
generating a seed value for a user;
producing a first user hash seed value based on the seed value for the user
using a one-way hash function;

producing a second user hash seed value based on the first user hash seed
value and a user identifier using a keyed hash function;

generating a user storage key from the second user hash seed value, the
application storage key and the user storage key to encrypt information containing
a portion specific to an application and a portion specific to the user;

encrypting the information using the application storage key and the user
storage key; and

associating the access predicate with the encrypted information.

9. (Amended) A computerized method for key-based secure storage
comprising:

downloading information and an access predicate that specifies
requirements for an application to access the information;

obtaining a storage key;

encrypting the information using the storage key;

associating the access predicate with the encrypted information;

storing the storage key in a key vault provided by a third-party; and

recovering the storage key from the key vault.

The computerized method of claim [illegible] wherein recovering the storage
key comprises:

requesting recovery of the storage key; and

providing information to the third-party to enable validation of the request.

11. The computerized method of claim [illegible] further comprising:
selecting the key vault from a plurality of key vaults provided by a trusted
operating system.

12. The computerized method of claim 8 further comprising:
selecting the key vault designated by a provider of the information.



13. (Canceled)

14. (Canceled)



15. (Amended) A computer system comprising:
a processing unit;

a system memory coupled to the processing unit through a system bus;
a computer-readable medium coupled to the processing unit through a
system bus;

a generate key function executed from the computer-readable medium by
the processing unit, wherein the generate key function causes the processing unit
to generate an operating system storage key based on an identity for the operating
system and based on a seed.

16. (Amended) A computer system comprising:
a processing unit;

a system memory coupled to the processing unit through a system bus;
a computer-readable medium coupled to the processing unit through a
system bus;

a generate key function executed from the computer-readable medium by
the processing unit, wherein the generate key function causes the processing unit
to generate an operating system storage key based on an identity for the operating
system;

an application specific one-way hash function executed from the
computer-readable medium by the processing unit, wherein the application
specific one-way hash function causes the processing unit to generate an
application storage key from a hashed seed; and

a generate application key function executed from the computer-readable
medium by the processing unit, wherein the generate application key function
causes the processing unit to generate the hashed seed from an application seed.

17. (Amended) A computer system comprising:
a processing unit;

a system memory coupled to the processing unit through a system bus;

a computer-readable medium coupled to the processing unit through a
system bus;

a generate key function executed from the computer-readable medium by
the processing unit, wherein the generate key function causes the processing unit
to generate an operating system storage key based on an identity for the operating
system;

a key-hash function executed from the computer-readable medium by the
processing unit, wherein the key-hash function causes the processing unit to
generate a user storage key from a hashed seed and an identity for the user;

a one-way hash function executed from the computer-readable medium by
the processing unit, wherein the one-way hash function causes the processing unit
to generate the hashed seed from a previously hashed seed; and

a generate user key function executed from the computer-readable medium
by the processing unit, wherein the generate user key function causes the
processing unit to generate the previously hashed seed from a user seed.

A computer system comprising:

a system memory coupled to the processing unit through a system bus;

a computer-readable medium coupled to the processing unit through a
system bus; and

a trusted operating system executed from the computer-readable medium by
the processing unit, wherein the trusted operating system causes the processing
unit to encrypt downloaded information using a storage key based on a seed
value.

19. The computer system of claim [illegible], wherein the trusted operating
system further causes the processing unit to encrypt an access predicate associated
with the downloaded information using an operating system storage key, to
encrypt the seed value for the storage key using the operating system storage key,
and to associate the encrypted access predicate with the encrypted seed value.
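
The following Python example is added here for illustration and is not part of the filed claims or of any implementation by the applicant: it derives an application storage key and a user storage key from seed values along the hash chains recited in the method claims above. SHA-256, HMAC-SHA-256, the 32-byte key length, and all function and label names are assumptions, since the claims name no specific algorithms.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # assumed key size; the claims do not state one


def one_way_hash(value: bytes, domain: bytes = b"") -> bytes:
    """One-way hash step. SHA-256 is an assumption; `domain` models an
    application-specific hash by prefixing a length-delimited label."""
    prefix = len(domain).to_bytes(2, "big") + domain
    return hashlib.sha256(prefix + value).digest()


def key_from_hash_seed(hash_seed: bytes, purpose: bytes) -> bytes:
    """Turn a hash seed value into a storage key (assumed construction:
    HMAC-SHA-256 keyed by the hash seed over a fixed purpose label)."""
    return hmac.new(hash_seed, purpose, hashlib.sha256).digest()[:KEY_LEN]


def application_storage_key(app_seed: bytes, app_identity: bytes) -> bytes:
    # seed -> application-specific one-way hash -> application storage key
    app_hash_seed = one_way_hash(app_seed, domain=app_identity)
    return key_from_hash_seed(app_hash_seed, b"application-storage-key")


def user_storage_key(user_seed: bytes, user_id: bytes) -> bytes:
    # seed -> one-way hash -> keyed hash with the user identifier -> user key
    first_hash_seed = one_way_hash(user_seed)
    second_hash_seed = hmac.new(first_hash_seed, user_id, hashlib.sha256).digest()
    return key_from_hash_seed(second_hash_seed, b"user-storage-key")


if __name__ == "__main__":
    seed = os.urandom(32)  # constructed sample seed
    k_app = application_storage_key(seed, b"example-app")
    k_alice = user_storage_key(seed, b"alice")
    k_bob = user_storage_key(seed, b"bob")
    # Same seed, different identities: each key is distinct, and none of them
    # lets a holder walk back to the seed or sideways to another key.
    print(k_app.hex(), k_alice.hex(), k_bob.hex(), sep="\n")
```

Because every step is one-way, disclosure of one derived storage key exposes neither the seed nor the keys derived for other applications or users.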